Web Authentication: Three Decisions You're Conflating
4 min read
"Cookie-based vs. token-based" conflates three independent decisions: where state lives, where credentials are stored, and how they're transmitted. This article untangles them and covers the security tradeoffs of each.